Ubuntu

SFTP:關閉 Pageant 以強制使用密碼而不是公鑰

  • September 11, 2018

我正在嘗試使用客戶端提供給我的使用者名和密碼 SFTP 到伺服器,但我不斷收到Disconnected: No supported authentication methods available (server sent: publickey). 我在 Ubuntu 13.10 上,我嘗試在終端中使用 Filezilla sftp -vv user@hostgui lftp -u user sftp://host

這是我在 Debug:Verbose 模式下從 Filezilla 獲得的輸出:

Response:   fzSftp started
Trace:  CSftpControlSocket::ConnectParseResponse(fzSftp started)
Trace:  CSftpControlSocket::SendNextCommand()
Trace:  CSftpControlSocket::ConnectSend()
Command:    open "user@host" 22
Trace:  Server version: SSH-2.0-CoreFTP-0.3.1
Trace:  Using SSH protocol version 2
Trace:  We claim version: SSH-2.0-PuTTY_Local:_Sep_14_2013_01:12:43
Trace:  Using Diffie-Hellman with standard group "group14"
Trace:  Doing Diffie-Hellman key exchange with hash SHA-1
Trace:  Host key fingerprint is:
Trace:  ssh-rsa 1024 b1:ac:c5:b6:d2:b8:d3:ef:fc:d2:b3:d8:06:2c:d2:25
Trace:  Initialised AES-256 SDCTR client->server encryption
Trace:  Initialised HMAC-SHA1 client->server MAC algorithm
Trace:  Initialised AES-256 SDCTR server->client encryption
Trace:  Initialised HMAC-SHA1 server->client MAC algorithm
Trace:  Pageant is running. Requesting keys.
Trace:  Pageant has 1 SSH-2 keys
Trace:  Trying Pageant key #0
Trace:  Sending Pageant's response
Trace:  Access denied
Trace:  Disconnected: No supported authentication methods available (server sent: publickey)
Error:  Disconnected: No supported authentication methods available (server sent: publickey)
Trace:  CSftpControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Error:  Could not connect to server

sftp -vv輸出類似。似乎 Pageant 在密碼之前提供了我的公鑰(這是正常的),但隨後沒有繼續進行密碼身份驗證。有沒有辦法首先強制密碼驗證(即完全繞過選美)?我必須能夠通過此連接執行 bash 腳本操作,因此需要使用sftporlftp命令。有沒有我可以設置的標誌來完成這個?我查看了手冊頁,但沒有找到我要查找的內容。

總是有可能在客戶端的伺服器上配置錯誤,但是由於客戶端能夠從該帳戶登錄沒問題,我懷疑問題出在我這邊。

更新

客戶端可以使用 Windows 上的 Filezilla 使用此帳戶登錄伺服器,從而排除了將其伺服器配置為僅允許公鑰身份驗證的可能性。這是一家較大的公司,其 IT 部門擁有許多此類帳戶,因此可以合理地假設他們之前已經這樣做過。這是他們在 Filezilla 中的 Debug:Verbose 的輸出:

Status:                   Connecting to host:22...

Trace:                     Going to execute "C:\Program Files\FileZilla FTP Client\fzsftp.exe"

Response:             fzSftp started

Trace:                     CSftpControlSocket::ConnectParseResponse(fzSftp started)

Trace:                     CSftpControlSocket::SendNextCommand()

Trace:                     CSftpControlSocket::ConnectSend()

Command:             open "user@host" 22

Trace:                     Looking up host "host"

Trace:                     Connecting to xxx.xxx.xxx.xxx port 22

Trace:                     Server version: SSH-2.0-CoreFTP-0.3.1

Trace:                     Using SSH protocol version 2

Trace:                     We claim version: SSH-2.0-PuTTY_Local:_Jun_15_2008_14:47:43

Trace:                     Using Diffie-Hellman with standard group "group14"

Trace:                     Doing Diffie-Hellman key exchange with hash SHA-1

Trace:                     Host key fingerprint is:

Trace:                     ssh-rsa 1024 b1:ac:c5:b6:d2:b8:d3:ef:fc:d2:b3:d8:06:2c:d2:25

Trace:                     Initialised AES-256 SDCTR client->server encryption

Trace:                     Initialised HMAC-SHA1 client->server MAC algorithm

Trace:                     Initialised AES-256 SDCTR server->client encryption

Trace:                     Initialised HMAC-SHA1 server->client MAC algorithm

Command:             Pass: ********

Trace:                     Sent password

Trace:                     Access granted

Trace:                     Opened channel for session

Trace:                     Started a shell/command

Status:                   Connected to host

Trace:                     CSftpControlSocket::ConnectParseResponse()

Trace:                     CSftpControlSocket::ResetOperation(0)

Trace:                     CControlSocket::ResetOperation(0)

Status:                   Retrieving directory listing...

Trace:                     CSftpControlSocket::SendNextCommand()

Trace:                     CSftpControlSocket::ChangeDirSend()

Command:             pwd

Response:             Current directory is: "/"

伺服器被配置為只允許公鑰認證,不允許密碼。你可以在它說的地方看到這個:

Trace:  Disconnected: No supported authentication methods available (server sent: publickey)
Error:  Disconnected: No supported authentication methods available (server sent: publickey)

可能是一個遲到的答案,但對於像我這樣最終會在這裡結束的可憐的靈魂。

可能發生的事情是 Filezilla 使用 env 變數SSH_AUTH_SOCK來訪問可用的 ssh 密鑰。

在我的機器上,如果我echo $SSH_AUTH_SOCK在終端中執行,我會得到類似的東西'/run/user/1000/keyring/ssh'

為了防止 Filezilla 找到您的 ssh 代理中的 ssh 密鑰,您可以通過這樣做清空該環境變數export SSH_AUTH_SOCK=""。現在,如果您在此終端中啟動 Filezilla,它將無法從您的 ssh 代理訪問 ssh 密鑰,並且它將使用配置的連接密碼。

引用自:https://serverfault.com/questions/583201